look at it closer Jeff. It does not touch the escaped url string itself,
but rather the actual characters de-coded from the url using the decoding
you specify. Also, you decide the appropriate mapping. Go to the xml file,
make your own mapping, and call it instead of the one I did called "resume"
or whatever it is. It just stores as many named mapping schemes you like,
and you call the one you want.
----- Original Message -----
From: "Jeff Trent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Jonathan" <[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 7:55 PM
Subject: Re: Donating Xml Configurable Character filter
> I disagree with this proposal. Your so called disallowed characters could
> be perfectly reasonable in certain contexts. For example, question marks
> are perfectly valid for capturing dailog. Parens are perfectly valid when
> capturing phone numbers, etc.
>
> There is some merit to your basic idea, however. I think what is instead
> needed is a way to encode/decode these special characters before they
reach
> the form and once again before they reach the database. For example, '%'
> has special meaning on most relational databases so it would be nice to
have
> a encoder (not a filter) which can handle the encode/decode process
> seemlessly. But on the other hand, this is not the goal of the struts
> framework. While you can argue that this encode/decode feature is
> appropriate for the form accessors, I doubt struts will ever provide for a
> way to encode/decode your db access.
>
> - jeff
>
> ----- Original Message -----
> From: "Jonathan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, May 23, 2001 3:24 PM
> Subject: Re: Donating Xml Configurable Character filter
>
>
> > If you look closely, you will first see that the mapping is in memory,
and
> > that it only does conversions for values that are in the map. What is
not
> > in the map is not changed. If a value IS in the map, it will convert it
> to
> > what you have mapped it to. Regarding "overkill", it may or may not be.
> I
> > needed to use it because we are having the biggest problems with xml,
> > unicode characters, utf-8, and internationalization. It is not
> necessarily
> > to be used on the web tier alone, although it can be. You guys use that
> > "fast Hash Map", which could be employd here since its read only. Also,
> > people on the list have been looking for a character filter, and here is
> > one. It may be useful or not. You guys are the brains around here ;^>
> I'm
> > just trying to learn from you.=)
> >
> > Jonathan
> >
> > ----- Original Message -----
> > From: "Nanduri, Amarnath" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, May 23, 2001 1:54 PM
> > Subject: RE: Donating Xml Configurable Character filter
> >
> >
> > > Hi Jonathan,
> > >
> > > This is interesting stuff you are sending. Don't you think it is
a
> > bit
> > > of an overkill ? Correct me if i am wrong, on a heavy traffic website
i
> am
> > > thinking this might slow down the applicationa lot. I am thinking of
a
> > > simple filter which use the methods that String class provides.
> > >
> > > I think you can basically convert every string into a char array.
> > > Depending on the flag you convert either the allowedCharacters (or)
> > > disallowedCharacters into a char array. For every element of this
array
> > you
> > > try to find an index into this input String. If index is != -1, the
> > > character is present in the input string. You then decide what you
want
> to
> > > do with the character. Since i will be dealing with international
> > characters
> > > aswell, i can put the characters as an unicode value in the properties
> > file.
> > > That way i will have flexibility and ease of maintenance of the
> character
> > > set that i want to control in an application. Since the user input
(per
> > > field) can at the max be around 50-250 characters, i don't think it
will
> > be
> > > a performance hit. On a heavy volume application ( with > 100 users at
a
> > > time ) i wonder what will be the performance hit ? I would really
> > appreciate
> > > your feedback on this. Thanks a lot.
> > >
> > > cheers,
> > > Amar..
> > >
> > >
> > > -----Original Message-----
> > > From: Jonathan [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, May 23, 2001 1:03 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Donating Xml Configurable Character filter
> > >
> > >
> > >
> > > Character Filter Donation
> > >
> > >
> > > ----- Original Message -----
> > > From: "Nanduri, Amarnath" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, May 23, 2001 9:39 AM
> > > Subject: Suggestions for Struts 1.1 TODO LIST ---- Request Filtering
> > > technology for Struts
> > >
> > >
> > > > Hi Everybody,
> > > >
> > > > I would really like the opinion of the big heavyweights who
> > designed
> > > > this framework. I have a small but important suggestion to make for
> the
> > > > struts 1.1 todo list.
> > > > So far struts does not implement a filtering technology for incoming
> > > > requests which is very important in this hacker dominated world. I
> have
> > a
> > > > simple solution / change that can be made to the current version of
> > > struts
> > > > which would implement this filtering technology. This filter
basically
> > > > filters out unwanted characters submitted by the user so that the
> > > database
> > > > will not be harmed. I propose that the BeanUtils.populate() method
be
> > > > modified to include a filter(before calling the setters on the
> > > corresponding
> > > > form object). The filter() method takes the bad / unwanted
characters
> > out
> > > > and give back a clean string. This clean string is then set in the
> > > > corresponding form setter method. This filter would read from a
> > > properties
> > > > file the following criteria....The structure of the properties file
> > would
> > > > be..
> > > >
> > > > # allowed characters in the database
> > > > allowedCharacters = askbdsvASDASDA123412321...
> > > >
> > > > # disallowed characters in the database
> > > > disallowedCharacters = ~`!@#$%^&*()-|\\<,>.?/:;"'
> > > >
> > > > # replacement character. For every disallowed character in the
> input
> > > > string,
> > > > # it would be replaced by this character
> > > > replacementChar = "-"
> > > >
> > > > # This flag specifies whether to check the incoming string for
> > > > allowedCharacters
> > > > # or disallowedCharacters.
> > > > # 1 = allowedCharacters
> > > > # 2 = disallowedCharacters
> > > > filterWhatKind = 1
> > > >
> > > > # This flag specifies whether to allow filtering or not
> > > > # true = allow filtering
> > > > # false = disallow filtering
> > > > filterFlag = true
> > > >
> > > > Have a method called filter() in the BeanUtils that will
implement
> > > the
> > > > specific filter. Based on the 'filterFlag' value this method is
either
> > > > called or ignored in the BeanUtils.populate () method.
> > > >
> > > > The properties file is specified in the web.xml file at the
> > > > ActionServlet level.
> > > > This file is application specific and can be changed / modified
based
> on
> > > the
> > > > application. Not having this properties file indicates that no
> filtering
> > > is
> > > > to be implemented.
> > > >
> > > > Any comments / suggestions are welcome.
> > > >
> > > > cheers,
> > > > Amar..
> > > >
> > >
> > > (See attached file: TextFilter.java)
> > > (See attached file: MappingParser.java)
> > > (See attached file: character_mappings.xml)
> > >
> >
> >
>
>
